What is Cross-Site Scripting (XSS)?

Cross-site scripting is a security violation that is normally found in the web applications. It is one of the most frequent application layer web attacks. Many web developers aren’t completely clear on what the term means. This article describes cross-site scripting security issues, how to prevent it. Smarmy of the article:

• What is Cross-site Scripting?
• How to Prevent Cross-site scripting?

What is Cross-site Scripting?
Cross-site Scripting or XSS is a one kind of attack where the attacker generates some malicious codes and injects it into the web site or web application in order to damage the application or gather information from the application. It is also called JavaScript Injection. Generally the attacker uses JavaScript, VBScript, ActiveX, HTML, and Flash Action Script. Usually the attacker uses Input Box/ Text Box of the web page.

How to Prevent Cross-site scripting?
In ASP.NET applications, we can prevent this XSS by writing a simple code in the web.config file. A sample code is given bellow:

<system.web> 
    <pagesvalidateRequest="true">pages> 
<system.web>

Then if somebody tries to inject some scripting code then system will display alert message [A potentially dangerous request…]

We can also prevent this by HTML encoding. The sample code for HTML encoding is given bellow:

Server.HtmlEncode(TextBoxName.Text)

Technology is changing rapidly and hacker attacks are becoming more sophisticated. But if we understand the basics techniques we can be prepared to prevent future attack techniques that will most definitely arise.